[ovs-dev] [PATCH v7 00/10] Add support for offloading CT datapath rules to TC
Paul Blakey
paulb at mellanox.com
Sun Jan 5 08:57:20 UTC 2020
On 1/3/2020 9:32 AM, Simon Horman wrote:
> On Sun, Dec 22, 2019 at 12:16:33PM +0200, Paul Blakey wrote:
>> The following patchset introduces hardware offload of OVS connection
>> tracking datapath rules.
>>
>> OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state()
>> matches to support connection tracking.
>>
>> The datapath rules are in the form of:
>>
>> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
>> recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4
>>
>> This patchset will translate ct_state() and recirc_id() matches to tc
>> ct_state and chain matches respectively. The datapath actions ct() and recirc()
>> will be translated to tc actions ct and goto chain respectively.
>>
>> The tc equivalent commands for the above rules are:
>>
>> $ tc filter add dev dev1 ingress \
>> prio 1 chain 0 proto ip \
>> flower tcp ct_state -trk \
>> action ct pipe \
>> action goto chain 2
>>
>> $ tc filter add dev dev1 ingress \
>> prio 1 chain 2 proto ip \
>> flower tcp ct_state +trk+est \
>> action mirred egress redirect dev dev2
>>
> Hi Paul,
>
> Happy New Year!
>
> Thanks for persisting with this series.
>
> I was waiting to see if there was further review and I waited longer
> than I might have otherwise due to the end-of-year holiday season.
> Perhaps I did not wait long enough but I do think this series looks good.
> And the delta between recent versions has been quite small. So I think
> that any further feedback can be addressed by follow-up patches.
>
> I have applied this series to master.
Hi,
Happy new year :)
Thanks for merging.
Paul.
>
>> Thanks,
>> Paul
>>
>> Paul Blakey (10):
>> match: Add match_set_ct_zone_masked helper
>> compat: Add tc ct action and flower matches defines for older kernels
>> tc: Introduce tcf_id to specify a tc filter
>> netdev-offload-tc: Implement netdev tc flush via tc filter del
>> dpif: Add support to set user features
>> tc: Move tunnel_key unset action before output ports
>> netdev-offload-tc: Add recirculation support via tc chains
>> netdev-offload-tc: Add conntrack support
>> netdev-offload-tc: Add conntrack label and mark support
>> netdev-offload-tc: Add conntrack nat support
>>
>> datapath/linux/compat/include/linux/openvswitch.h | 3 +
>> include/linux/automake.mk | 3 +-
>> include/linux/pkt_cls.h | 46 +-
>> include/linux/tc_act/tc_ct.h | 41 ++
>> include/openvswitch/match.h | 2 +
>> lib/dpif-netdev.c | 1 +
>> lib/dpif-netlink.c | 63 ++-
>> lib/dpif-provider.h | 2 +
>> lib/dpif.c | 9 +
>> lib/dpif.h | 2 +
>> lib/match.c | 10 +-
>> lib/netdev-linux.c | 6 +-
>> lib/netdev-offload-tc.c | 607 +++++++++++++++-------
>> lib/netdev-offload.h | 3 +
>> lib/tc.c | 448 ++++++++++++----
>> lib/tc.h | 112 +++-
>> 16 files changed, 1070 insertions(+), 288 deletions(-)
>> create mode 100644 include/linux/tc_act/tc_ct.h
>>
>> --
>> 1.8.3.1
>>
More information about the dev
mailing list